<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen 1.8.15"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<title>CryptoAuthLib: Secure boot using ATECC608A</title>
<link href="tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="dynsections.js"></script>
<link href="navtree.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="resize.js"></script>
<script type="text/javascript" src="navtreedata.js"></script>
<script type="text/javascript" src="navtree.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
  $(document).ready(initResizable);
/* @license-end */</script>
<link href="search/search.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="search/searchdata.js"></script>
<script type="text/javascript" src="search/search.js"></script>
<link href="doxygen.css" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
 <tbody>
 <tr style="height: 56px;">
  <td id="projectalign" style="padding-left: 0.5em;">
   <div id="projectname">CryptoAuthLib
   </div>
   <div id="projectbrief">Microchip CryptoAuthentication Library</div>
  </td>
 </tr>
 </tbody>
</table>
</div>
<!-- end header part -->
<!-- Generated by Doxygen 1.8.15 -->
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
var searchBox = new SearchBox("searchBox", "search",false,'Search');
/* @license-end */
</script>
<script type="text/javascript" src="menudata.js"></script>
<script type="text/javascript" src="menu.js"></script>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
$(function() {
  initMenu('',true,false,'search.php','Search');
  $(document).ready(function() { init_search(); });
});
/* @license-end */</script>
<div id="main-nav"></div>
</div><!-- top -->
<div id="side-nav" class="ui-resizable side-nav-resizable">
  <div id="nav-tree">
    <div id="nav-tree-contents">
      <div id="nav-sync" class="sync"></div>
    </div>
  </div>
  <div id="splitbar" style="-moz-user-select:none;" 
       class="ui-resizable-handle">
  </div>
</div>
<script type="text/javascript">
/* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&amp;dn=gpl-2.0.txt GPL-v2 */
$(document).ready(function(){initNavTree('a01240.html','');});
/* @license-end */
</script>
<div id="doc-content">
<!-- window showing the filter options -->
<div id="MSearchSelectWindow"
     onmouseover="return searchBox.OnSearchSelectShow()"
     onmouseout="return searchBox.OnSearchSelectHide()"
     onkeydown="return searchBox.OnSearchSelectKey(event)">
</div>

<!-- iframe showing the search results (closed by default) -->
<div id="MSearchResultsWindow">
<iframe src="javascript:void(0)" frameborder="0" 
        name="MSearchResults" id="MSearchResults">
</iframe>
</div>

<div class="PageDoc"><div class="header">
  <div class="headertitle">
<div class="title">Secure boot using ATECC608A </div>  </div>
</div><!--header-->
<div class="contents">
<div class="textblock"><p>The SecureBoot command is a new feature on the <a href="https://www.microchip.com/wwwproducts/en/ATECC608A">ATECC608A</a> device compared to earlier CryptoAuthentication devices from Microchip. This feature helps the MCU detect fraudulent code installed on it. When this feature is implemented, the MCU sends a firmware digest and signature to the ATECC608A. The ATECC608A validates this information (ECDSA verify) and responds to the host with a yes or no answer.</p>
<p>The ATECC608A provides options to reduce the firmware verification time by storing the signature or digest after a good full verification (FullStore mode of the SecureBoot command).</p>
<ul>
<li>When the ATECC608A stores the digest (SecureBootMode is FullDig), the host only needs to send the firmware digest, which is compared to the stored copy. This skips the comparatively lengthy ECDSA verify, speeding up the secure boot process.</li>
<li>When the ATECC608A stores the signature (SecureBootMode is FullSig), the host only needs to send the firmware digest, which is verified against the stored signature using ECDSA. This saves time by not needing to send the signature in the command over the bus.</li>
</ul>
<p>The ATECC608A also provides wire protection features for the SecureBoot command: the digest sent from the host to the ATECC608A can be encrypted, and a MAC can be added to the verify result returned to the host so that the result can't be forced to a success state on the bus. These features make use of a shared secret between the host and the ATECC608A, called the IO protection key.</p>
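<p>The wire-protected exchange described above, modelled in Python as an added example (this is not CryptoAuthLib or ATECC608A code). The key stream, the MAC layout and the FullDig comparison are simplified SHA-256/HMAC constructions standing in for the device's actual algorithms, and the IO protection key, firmware image and nonce are constructed sample values.</p>

```python
import hashlib
import hmac

# Constructed sample values: a 32-byte shared IO protection key and a firmware image.
IO_KEY = bytes(range(32))
GOOD_FIRMWARE = b"constructed firmware image, version 1"

def firmware_digest(firmware: bytes) -> bytes:
    """SHA-256 digest the host computes over the image it is about to run."""
    return hashlib.sha256(firmware).digest()

def keystream(io_key: bytes, num_in: bytes) -> bytes:
    """Key stream for encrypting the digest on the wire (simplified model, not the device's)."""
    return hashlib.sha256(io_key + num_in).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def result_mac(io_key: bytes, result: int, num_in: bytes, digest: bytes) -> bytes:
    """MAC binding the yes/no result to this nonce and this digest (simplified model)."""
    return hmac.new(io_key, bytes([result]) + num_in + digest, hashlib.sha256).digest()

class Atecc608aModel:
    """Device side in FullDig mode: compares the received digest with the stored copy."""

    def __init__(self, io_key: bytes, stored_digest: bytes):
        self.io_key = io_key
        self.stored_digest = stored_digest  # kept after a good full verification

    def secureboot(self, enc_digest: bytes, num_in: bytes):
        digest = xor(enc_digest, keystream(self.io_key, num_in))  # undo the wire encryption
        result = 1 if hmac.compare_digest(digest, self.stored_digest) else 0
        return result, result_mac(self.io_key, result, num_in, digest)

def tampering_bus(device: Atecc608aModel):
    """An interposer on the bus that rewrites every answer to 'yes' but cannot forge the MAC."""
    def send(enc_digest: bytes, num_in: bytes):
        _result, mac = device.secureboot(enc_digest, num_in)
        return 1, mac
    return send

def host_secure_boot(send, io_key: bytes, firmware: bytes, num_in: bytes) -> bool:
    """Host side: trust a 'yes' only if the MAC over (result, nonce, digest) checks out."""
    digest = firmware_digest(firmware)
    result, mac = send(xor(digest, keystream(io_key, num_in)), num_in)
    expected = result_mac(io_key, result, num_in, digest)
    return result == 1 and hmac.compare_digest(mac, expected)
```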
<p>The secure boot feature can be easily integrated into an existing project. The project should include the following files from the secure_boot folder:</p><ul>
<li><a class="el" href="a00020.html" title="Provides required APIs to manage secure boot under various scenarios.">secure_boot.c</a></li>
<li><a class="el" href="a00023.html" title="Provides required APIs to manage secure boot under various scenarios.">secure_boot.h</a></li>
<li><a class="el" href="a00026.html" title="Provides interface to memory component for the secure boot.">secure_boot_memory.h</a></li>
<li><a class="el" href="a00017.html" title="Provides required interface to access IO protection key.">io_protection_key.h</a></li>
</ul>
<p>The project should also implement the following platform-specific APIs:</p><ul>
<li><a class="el" href="a00026.html#ad744cc79ced98d366fed07780032bc47">secure_boot_init_memory()</a></li>
<li><a class="el" href="a00026.html#a25b3c765095b474bc2b93f87d96f7b28">secure_boot_read_memory()</a></li>
<li><a class="el" href="a00026.html#abf726b809a542bc68519520b61b755a3">secure_boot_deinit_memory()</a></li>
<li><a class="el" href="a00026.html#aa635e6de2a04772df6edfdc1973236b9">secure_boot_mark_full_copy_completion()</a></li>
<li><a class="el" href="a00026.html#a6378e763208c43ba1fbcadd8bc8a084c">secure_boot_check_full_copy_completion()</a></li>
<li><a class="el" href="a00017.html#adb01c317f81145702f564ca1d46ec33b">io_protection_get_key()</a></li>
<li><a class="el" href="a00017.html#a8e02c996fdc083bb4c4444057e429a44">io_protection_set_key()</a></li>
</ul>
<p>The project can set the secure boot configuration with the following defines:</p><ul>
<li>SECURE_BOOT_CONFIGURATION</li>
<li>SECURE_BOOT_DIGEST_ENCRYPT_ENABLED</li>
<li>SECURE_BOOT_UPGRADE_SUPPORT</li>
</ul>
<p>The secure boot process is performed by initializing CryptoAuthLib and calling the <a class="el" href="a00020.html#a861a785461af4116bca9343019225abd" title="Handles secure boot functionality through initialization, execution, and de-initialization.">secure_boot_process()</a> function.</p>
<h2>Implementation Considerations</h2>
<ul>
<li>The host needs to perform SHA-256 calculations. CryptoAuthLib provides a software implementation in <a class="el" href="a00341.html" title="Wrapper API for software SHA 256 routines.">lib/crypto/atca_crypto_sw_sha2.c</a></li>
<li>When using the wire protection features:<ul>
<li>The host needs to be able to generate a nonce (number used once). This is the NumIn parameter to the Nonce command that is sent before the SecureBoot command. The ATECC608A cannot be used to generate NumIn; it must come from a good random or non-repeating source on the host.</li>
<li>If the host has any protected internal memory, it should be used to store its copy of the IO protection key.</li>
</ul>
</li>
<li>Secure boot depends on proper protection of the boot loader code in the host. If the code can be easily changed, then the secure boot process can be easily skipped. The boot loader should ideally be stored in an immutable (unchangeable) location such as a boot ROM or write-protected flash.</li>
<li>Note that these APIs don't provision the ATECC608A. They assume the ATECC608A has already been configured and provisioned with the necessary keys for secure boot.</li>
</ul>
<h2>Examples </h2>
<p>For more information about secure boot, please see the example implementation project and documentation at: <a href="https://github.com/MicrochipTech/cryptoauth_usecase_secureboot">https://github.com/MicrochipTech/cryptoauth_usecase_secureboot</a> </p>
</div></div><!-- PageDoc -->
</div><!-- contents -->
</div><!-- doc-content -->
<!-- start footer part -->
<div id="nav-path" class="navpath"><!-- id is needed for treeview function! -->
  <ul>
    <li class="footer">Generated by
    <a href="http://www.doxygen.org/index.html">
    <img class="footer" src="doxygen.png" alt="doxygen"/></a> 1.8.15 </li>
  </ul>
</div>
</body>
</html>
